US20070198857A1 - Software execution protection using an active entity - Google Patents

Software execution protection using an active entity Download PDF

Info

Publication number
US20070198857A1
US20070198857A1 US10/596,554 US59655404A US2007198857A1 US 20070198857 A1 US20070198857 A1 US 20070198857A1 US 59655404 A US59655404 A US 59655404A US 2007198857 A1 US2007198857 A1 US 2007198857A1
Authority
US
United States
Prior art keywords
key
computer program
static resource
encrypted
entity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/596,554
Other languages
English (en)
Inventor
Nikolco Gidalov
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Koninklijke Philips NV
Original Assignee
Koninklijke Philips Electronics NV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics NV filed Critical Koninklijke Philips Electronics NV
Assigned to KONINKLIJKE PHILIPS ELECTRONICS N V reassignment KONINKLIJKE PHILIPS ELECTRONICS N V ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GIDALOV, NIKOLCO
Publication of US20070198857A1 publication Critical patent/US20070198857A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/123Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/109Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by using specially-adapted hardware at the client
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153Using hardware token as a secondary aspect

Definitions

  • the present invention relates in general to prevention of execution of computer program code, and in particular to encrypting and decrypting static data by using an active entity.
  • Strong execution protection methods can make use of a so called hardware dongle, as an example of one type of active entity, connected to, for instance, a parallel or a serial port, such as the USB (Universal Serial Bus) port or the printer port of, for instance, a PC (Personal Computer).
  • a dongle is typically a passive element but can contain programmable memory loaded with several encryption/decryption keys. Information can be exchanged between the PC and the dongle.
  • Such a dongle can for example be used in the following two ways:
  • a shell program is created around the software to be protected.
  • the original software is completely or partially encrypted in dependence of the keys from the dongle, after which the encryption is embedded in the shell.
  • the created shell is thus based on the keys from the dongle but also on the algorithm used to decrypt the software.
  • the shell retrieves the keys from the dongle, extracts the encrypted software, decrypts said encrypted software and runs the original software.
  • the dongle is not present or in case a different dongle, containing different keys, is used, the decryption fails.
  • the entry-point of the original program can be replaced with the entry-point of a procedure.
  • a logical function is provided and retrieves the keys from the dongle. Based on the retrieved keys, complex logic is arranged to decide whether the dongle is the correct dongle, or not. After a successful dongle identification the function calls the original program entry-point, which enables execution of the original software.
  • the communication content of the different communication sessions between the PC and the dongle is usually the same, which implies that by wiretapping said communication it is possible to retrieve the protocol and the keys, and later emulate the dongle in either hardware or software, without the need for the original dongle.
  • the entry-point of the original program is called, and the original program is provided in the memory as is.
  • the experienced user can write the program back to the portable executable of said program.
  • the methods of the hardware dongle versions as discussed above have the following drawbacks. Firstly, there is a risk that removing all checks of the dongle in the software to be protected can be successful. Secondly, there is a risk that the dongle is emulated by an intruder.
  • this object is achieved by a method of encrypting at least part of a computer program element for enabling protecting execution of said computer program element, comprising the steps of:
  • this object is also achieved by a computer program encryption device for encrypting at least part of a computer program element for enabling protecting execution of said computer program element, being arranged to:
  • this object is also achieved by a computer program product comprising a computer readable medium, having thereon computer program code means, to make a computer execute, when said computer program code means is loaded in the computer:
  • this object is also achieved by a computer program element comprising computer program code means to make a computer execute, when said computer program code means is loaded in the computer:
  • this object is also achieved by a computer program product comprising a computer readable medium, having thereon computer program code means comprising:
  • a computer program element comprising computer program code means comprising:
  • this object is also achieved by a method of decrypting at least part of a computer program element for enabling execution of said computer program element, comprising the steps of:
  • this object is also achieved by a method of decrypting at least part of a computer program element for enabling execution of said computer program element, comprising the steps of:
  • this object is also achieved by a computer program decryption device for decrypting at least part of a computer program element for enabling execution of said computer program element, said device being arranged to:
  • this object is also achieved by a computer program decryption device for decrypting at least part of a computer program element for enabling execution of said computer program element, arranged to:
  • this object is also achieved by a computer program product comprising a computer readable medium, having thereon computer program code means, to make a computer execute, when said program code means is loaded in the computer:
  • this object is also achieved by a computer program element comprising computer program code means to make a computer execute, when said computer program code means is loaded in the computer:
  • this object is also achieved by a computer program product comprising a computer readable medium, having thereon computer program code means, to make a computer execute, when said program code means is loaded in the computer:
  • this object is also achieved by a computer program element comprising computer program code means to make a computer execute:
  • the general idea behind the present invention is to protect execution of computer program code by using encrypting of a computer program element of a static resource within said computer program code.
  • the idea further relies on the usage of two entities during decrypting of said encrypted a static resource, wherein communication between said two entities is at least partly encrypted.
  • the process of decryption requires a first and a second entity.
  • the computer program code cannot be executed within the first entity even after removal of requests for the second entity.
  • Claim 2 is directed toward storing the at least one encrypted static resource in said computer element. This claim has the advantage that resources that are needed during execution of a computer program element can be encrypted.
  • Claims 3 , 11 , 18 and 23 are directed toward using a public key and a private key of a public/private key pair. The advantage being that one key is needed to decrypt data that was encrypted by the other key.
  • Claims 4 and 12 are directed toward having the public key in a computer program element and computer program code means, respectively. These claims have the advantage of enabling the usage of a secure private key for decrypting data that have been encrypted by using the public key.
  • Claim 5 is directed towards obtaining the private key, corresponding to the public key, and storing said private key in an entity separate from an entity in which a computer program element is provided. This claim has the advantage of dramatically enhancing the security of the protection of execution by enabling separation of the two entities.
  • Claim 6 is directed towards extracting at least one static resource from a position in a computer program element and storing the encrypted resource in said position. This is advantageous as firstly, the original information is not available and secondly, no other part or element is affected by the storing of the encrypted resource.
  • Claims 15 and 20 are directed toward obtaining a third key and encrypting/decrypting of at least one static resource by using said third key. These claims carry the advantage that the static resource sent by one entity to another entity, can be encrypted with said third key.
  • Claims 16 and 24 are directed towards using a third key that is a random session key.
  • the advantage with a key being symmetric is that the same key can be used for encryption and decryption, which limits the number of used keys.
  • Claims 17 , 21 and 22 are directed towards further using the first key for encrypting/decrypting the third key and the at least one encrypted static resource. This has the advantage that the third key can be sent encrypted from one entity to the other, enabling enhanced security of the encryption of the static data by using the third key.
  • FIG. 1 presents a flow-chart of a method of encrypting according to a preferred embodiment of the present invention
  • FIG. 2A presents a flow-chart of a method of decrypting according to a preferred embodiment of the present invention, performed in a device having the computer program code;
  • FIG. 2B presents a flow-chart of a method of decrypting according to a preferred embodiment of the present invention
  • FIG. 3 schematically illustrates encryption of a program code according to the present invention
  • FIG. 4 schematically illustrates decryption of a protected program code according to the present invention
  • FIG. 5 schematically presents a computer and a dongle, which two entities communicate during decrypting of encrypted data
  • FIG. 6 shows a computer program product, having thereon computer program code means, related to the present invention.
  • the present invention relates to protecting execution of computer program code by encrypting and decrypting static resources of said computer program code.
  • the encryption and decryption uses Public Key Cryptography architecture and requires accessing the source code of the computer program code to be protected.
  • FIG. 5 presents one embodiment of the present invention of these two different entities.
  • a computer such as a personal computer 52 , represents a first entity and an active dongle 54 , represents the second entity. These two entities are arranged to send/receive information during the decrypting steps of the process.
  • a security chip can be used instead of a dongle. This security chip can be integrated in the computer platform.
  • the active dongle is typically equipped with a small processor that can run simple symmetric and asymmetric encryption/decryption algorithms.
  • the interface between the two entities, here the computer and the active dongle can be USB (Universal Serial Port), a network, or another communication channel.
  • USB Universal Serial Port
  • the communication between the computer and the active dongle is based on the client-server model.
  • encryption is typically carried out elsewhere independent of said computer.
  • encrypting and decrypting of information are related to each other, in a way similar to a key and a lock, being related.
  • the process of encrypting is performed so that a communication channel between the computer and the dongle is established for decrypting the encrypted data.
  • the process of decrypting starts within the computer, having loaded decrypted program code, and continues by sending information over the communication channel to the dongle, where the decrypting process further continues, followed by the dongle sending information back to the computer, at which entity the program code eventually can be executed.
  • FIG. 1 presenting a flow-chart of encryption of at least part of a computer program element together with FIG. 3 schematically illustrating encryption of a computer program code.
  • This encryption is typically carried out within a third entity different from the above mentioned two entities.
  • the static data of the original program can be of any type, for instance, strings, definitions, initial variable values, images, constants, format-related static data or other static resources.
  • a first and a second key in the form of a pair of encryption/decryption keys (a public key Kpb 314 , and a private key Kpr 316 ) is generated, step 104 .
  • a public key Kpb 314 a public key
  • Kpr 316 a private key
  • either one of the two keys can be used to encrypt data, and similarly either one of them can be used to decrypt data, but once one key is chosen to, for example, encrypt data only the other one can be used to decrypt said encrypted data.
  • the static data 306 is encrypted, step 106 , by using the public key Kpb 314 , as an encryption key, creating the static data encrypted with said public key (Static data)Kpb 310 .
  • the dongle, the program code 304 is changed, step 108 , to achieve a modified program code 308 .
  • This communication channel will thus be used during the decrypting of data, which will be described below.
  • each piece of static data that is extracted, step 102 , at a certain position of the program code is replaced by an encrypted copy of said data.
  • This is performed by storing the encrypted data, step 110 , in the original program code, preferably but not necessarily at the position at which the non-encrypted data was present in the original program code, 102 .
  • the public key Kpb 314 is stored, step 112 , in the program code to obtain, step 116 , a protected program code 312 .
  • the private key Kpr 316 that corresponds to said public key Kpb 314 , is stored in the dongle 318 .
  • the protected program code 312 obtained thus contains pieces of encrypted static data, which encrypted static data efficiently prevents the program code from being executed, without prior decrypting said static data.
  • the computer program code cannot be executed solely by cracking single if-then statements. This is in contrast to shell-like encryption methods, wherein the program code is to a large extent left un-encrypted but a shell preventing execution of said program code is encrypted. By cracking the single shell execution of the program within the shell is enabled.
  • the unencrypted parts can however be executed.
  • the method that is described below is used for each piece of program code element. For each such piece, a communication session is started and information is communicated over the communication channel between the computer and the dongle. Moreover, for each such session a session key is generated as will be explained in more detail below.
  • performing execution of the protected computer program code 402 is started in the computer.
  • the computer locates static data (Static data)Kpb 406 , encrypted with the public key Kpb 314 , from FIG. 3 .
  • the computer retrieves the stored public key Kpb 408 , in the protected computer program code.
  • a third key in the form of a random session key Ks 404 is generated, step 202 .
  • the encrypted static data 406 is then combined, step 204 , with the generated random session key Ks 404 , after which the combination of encrypted static data 406 , and the session key Ks 404 , is encrypted, step 206 , by using the public key 406 , thus generating an encrypted combination ((Static data)Kpb+Ks)Kpb 410 , of encrypted static data 406 , and said session key Ks 404 .
  • said encrypted combination 410 is sent, step 208 , to the dongle 54 .
  • the vertical dotted line A, in FIG. 4 denotes the interface between the computer 52 and the dongle 54 .
  • the dongle can be connected to the computer by using a port of the computer or by using a connection over a network of any kind, for instance the Internet.
  • the computer then decrypts, step 212 , the encrypted static data by using a session key Ks 432 .
  • the random session key is a symmetric key
  • encrypting and decrypting is performed by using the same key. This implies that the random session key 426 , the session key 432 , and the random session key Ks 404 , are the same keys.
  • step 214 which static data 434 , is used upon request during the execution of the program code 436 .
  • the dongle 54 firstly obtains, step 216 , the private key Kpr 316 in FIG. 3 , during the method of encrypting static data. Secondly, it receives, step 218 , an encrypted combination ((Static data)Kpb+Ks)Kpb 410 , of 1) static data, 406 , encrypted with the public key, and 2) the session key Ks 404 , where said combination is encrypted with the public key Kpb 408 . From the dongle 54 , said encrypted combination ((Static data)Kpb+Ks)Kpb 414 , and the private key Kpr 416 , are extracted.
  • the encrypted combination 414 is decrypted, step 220 , generating the session key Ks 420 , and the static data (Static data)Kpb 418 , encrypted with the public key Kpb 408 .
  • the encrypted static data 418 is decrypted, step 222 , by again using the private key Kpr 422 , which is the same key as referred to the private key 416 .
  • decrypted static data 424 is obtained, step 224 .
  • the dongle has thus obtained decrypted static data.
  • the decrypted static data 424 is again encrypted, step 226 , but at this step by using the session key 426 , which key is obtained from decrypting the encrypted combination, step 220 .
  • this interface B is the dongle-computer USB interface.
  • This interface can however as an alternative contain a network, such as the Internet, another network, with one or more other computers, or a communication channel of any type.
  • FIG. 6 shows a computer program product 62 , that has computer program code means stored thereon.
  • This computer program product can be of any type, for instance a Compact Disc (CD), a diskette, a Digital Versatile Disc (DVD), solid-state memory, or a hard disk.
  • the protecting execution of a computer program code can be used to prevent unauthorized access to any hardware that is controlled by or in some way dependent on said computer program code.
  • the invention can further be varied in many ways, as described below.
  • One alternative to the embodiment as presented above is to make use of a security chip as the second entity. It is hence understood that the security chip and said computer are two discrete entities, even though one might be positioned within the other.
  • a security platform involving security chips is the TCPA/Palladium platform, which platform is well suited to be used in this alternative embodiment.
  • protecting execution of a computer program code is enabled by using an active entity of the type of another computer program code. This is thus an alternative to the embodiments in which a security chip or a dongle is used for the decryption of encrypted static resources.
  • step 108 can be performed prior to the step of generating public and private keys, step 104 .
  • the method of decrypting static data comprises sending the encrypted data by a computer to a dongle, in which the data is decrypted by using a private key and further returned to the computer.
  • a session key there is no usage of a session key.
  • the method of decrypting static data comprises sending by a computer to a dongle the encrypted data and a session key.
  • the dongle decrypts the static data, encrypts the static data by using the session key and returns the data to the computer.
  • This embodiment does not use the public key to encrypt the combination of the session key and the encrypted static data.
  • the method of decrypting the static data the session key and the encrypted static data are encrypted separately by using the public key. There is hence no encrypted combination of session key and encrypted static data.
  • the session key only is encrypted by the computer, whereas the already encrypted static data is sent to the dongle as is.
  • the computer program decryption device is a distributed computer device comprising several computers.
  • the static data extracted at a certain position of a computer program element is stored at a different position of the same or a different computer program element.
  • the unencrypted static data is extracted from the element and is no longer available at its position.
  • the generation of the session key during decrypting encrypted static data is performed by the computer, on order from the program code.
  • the generation of the session key during decrypting encrypted static data is performed by the program code before encountering a new piece of encrypted static data.
  • the first entity is any type of computer, such as a PDA (Personal Digital Assistant), a palm top computer, a lap top computer, a personal computer, a gaming computer, a computer server, or similar.
  • PDA Personal Digital Assistant
  • palm top computer a palm top computer
  • lap top computer a personal computer
  • gaming computer a gaming computer server, or similar.
  • any reference signs placed between parentheses shall not be construed as limiting the claim.
  • the word “comprising” does not exclude the presence of elements or steps other than those listed in a claim.
  • the word “a” or “an” preceding an element does not exclude the presence of a plurality of such elements.
  • the invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer.
  • a single processor or other (programmable) unit may also fulfill the functions of several means recited in the claims.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Storage Device Security (AREA)
US10/596,554 2003-12-22 2004-12-06 Software execution protection using an active entity Abandoned US20070198857A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP03104884.6 2003-12-22
EP03104884 2003-12-22
PCT/IB2004/052674 WO2005064433A1 (en) 2003-12-22 2004-12-06 Software execution protection using an active entity

Publications (1)

Publication Number Publication Date
US20070198857A1 true US20070198857A1 (en) 2007-08-23

Family

ID=34717217

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/596,554 Abandoned US20070198857A1 (en) 2003-12-22 2004-12-06 Software execution protection using an active entity

Country Status (6)

Country Link
US (1) US20070198857A1 (enrdf_load_stackoverflow)
EP (1) EP1700181A1 (enrdf_load_stackoverflow)
JP (1) JP2007515723A (enrdf_load_stackoverflow)
KR (1) KR20060127007A (enrdf_load_stackoverflow)
CN (1) CN1898623A (enrdf_load_stackoverflow)
WO (1) WO2005064433A1 (enrdf_load_stackoverflow)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080229115A1 (en) * 2007-03-16 2008-09-18 Microsoft Corporation Provision of functionality via obfuscated software
US20090248721A1 (en) * 2008-03-25 2009-10-01 Felix Burton System And Method for Stack Crawl Testing and Caching
US20100037063A1 (en) * 2008-08-11 2010-02-11 International Business Machines Corporation Method, system and program product for securing data written to a storage device coupled to a computer system
EP2305927A4 (en) * 2008-04-22 2014-01-15 Ncrypt Inc ELECTRONIC KEY SYSTEM
US8650127B1 (en) * 2006-01-06 2014-02-11 Apple Inc. Digital rights management for computer program code
US20140342774A1 (en) * 2011-02-15 2014-11-20 David Goren Systems and methods of transferring user information to different devices
AU2012234508B2 (en) * 2011-03-30 2017-07-06 Irdeto B.V. Enabling a software application to be executed on a hardware device
US10944866B2 (en) 2011-02-15 2021-03-09 David Goren Systems and methods of transferring user information to different devices

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101224717B1 (ko) * 2008-12-26 2013-01-21 에스케이플래닛 주식회사 소프트웨어 라이센스 보호 방법과 그를 위한 시스템, 서버,단말기 및 컴퓨터로 읽을 수 있는 기록매체
EP2689375B1 (en) * 2011-03-21 2021-09-15 Irdeto B.V. System and method for securely binding and node-locking program execution to a trusted signature authority
EP2629223A1 (en) * 2012-02-14 2013-08-21 Thomson Licensing System, devices and methods for collaborative execution of a software application comprising at least one encrypted instruction
CN108011879B (zh) * 2017-11-30 2020-10-16 广州酷狗计算机科技有限公司 文件加密、解密的方法、装置、设备和存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6266416B1 (en) * 1995-07-13 2001-07-24 Sigbjoernsen Sigurd Protection of software against use without permit
US20010037450A1 (en) * 2000-03-02 2001-11-01 Metlitski Evgueny A. System and method for process protection
US7380120B1 (en) * 2001-12-12 2008-05-27 Guardian Data Storage, Llc Secured data format for access control

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10303880A (ja) * 1997-05-01 1998-11-13 Digital Vision Lab:Kk サービス提供システム
JP2003509881A (ja) * 1999-09-03 2003-03-11 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ 記録された電子出版資料からのマスター鍵の復元方法
US6782477B2 (en) * 2002-04-16 2004-08-24 Song Computer Entertainment America Inc. Method and system for using tamperproof hardware to provide copy protection and online security

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6266416B1 (en) * 1995-07-13 2001-07-24 Sigbjoernsen Sigurd Protection of software against use without permit
US20010037450A1 (en) * 2000-03-02 2001-11-01 Metlitski Evgueny A. System and method for process protection
US7380120B1 (en) * 2001-12-12 2008-05-27 Guardian Data Storage, Llc Secured data format for access control

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8650127B1 (en) * 2006-01-06 2014-02-11 Apple Inc. Digital rights management for computer program code
US20080229115A1 (en) * 2007-03-16 2008-09-18 Microsoft Corporation Provision of functionality via obfuscated software
US20090248721A1 (en) * 2008-03-25 2009-10-01 Felix Burton System And Method for Stack Crawl Testing and Caching
US9274923B2 (en) * 2008-03-25 2016-03-01 Wind River Systems, Inc. System and method for stack crawl testing and caching
EP2305927A4 (en) * 2008-04-22 2014-01-15 Ncrypt Inc ELECTRONIC KEY SYSTEM
US9177488B2 (en) * 2008-08-11 2015-11-03 International Business Machines Corporation Method, system and program product for securing data written to a storage device coupled to a computer system
US20100037063A1 (en) * 2008-08-11 2010-02-11 International Business Machines Corporation Method, system and program product for securing data written to a storage device coupled to a computer system
US20140342774A1 (en) * 2011-02-15 2014-11-20 David Goren Systems and methods of transferring user information to different devices
US9210261B2 (en) * 2011-02-15 2015-12-08 David Goren Systems and methods of transferring user information to different devices
US10944866B2 (en) 2011-02-15 2021-03-09 David Goren Systems and methods of transferring user information to different devices
US11528357B2 (en) 2011-02-15 2022-12-13 David Goren Systems and methods of transferring user information to different devices
AU2012234508B2 (en) * 2011-03-30 2017-07-06 Irdeto B.V. Enabling a software application to be executed on a hardware device
US9910970B2 (en) * 2011-03-30 2018-03-06 Irdeto B.V. Enabling a software application to be executed on a hardware device
US10552588B2 (en) 2011-03-30 2020-02-04 Irdeto B.V. Enabling a software application to be executed on a hardware device

Also Published As

Publication number Publication date
JP2007515723A (ja) 2007-06-14
WO2005064433A1 (en) 2005-07-14
CN1898623A (zh) 2007-01-17
EP1700181A1 (en) 2006-09-13
KR20060127007A (ko) 2006-12-11

Similar Documents

Publication Publication Date Title
EP2267628B1 (en) Token passing technique for media playback devices
KR100362219B1 (ko) 변조방지 프로세서를 이용하여 프로그램을 분배하기 위한방법 및 시스템
US6266416B1 (en) Protection of software against use without permit
US7770021B2 (en) Authenticating software using protected master key
US20020083318A1 (en) Method and system for software integrity control using secure hardware assist
US7802109B2 (en) Trusted system for file distribution
JP2002077137A (ja) 電子著作物の保護方法及び保護システム
WO2004006075A1 (ja) 開放型汎用耐攻撃cpu及びその応用システム
JP2002077136A (ja) 電子著作物の保護方法及び保護システム
CN101236590A (zh) 一种基于门限密码体制的软件分割保护的实现方法
JP2007013433A (ja) 暗号化データを送受信する方法及び情報処理システム
JP7527538B2 (ja) ユーザ保護ライセンス
JP4353651B2 (ja) 電子著作物から秘話化電子著作物を生成する方法、及び電子著作物をプレゼンテーションデータに変換する間保護する方法
US7835521B1 (en) Secure keyboard
US20070198857A1 (en) Software execution protection using an active entity
US6651169B1 (en) Protection of software using a challenge-response protocol embedded in the software
US20190044709A1 (en) Incorporating software date information into a key exchange protocol to reduce software tampering
JP2013175179A (ja) 少なくとも1つの暗号化された命令を備えるソフトウェアアプリケーションの協調実行のためのシステム、デバイスおよび方法
JP6796861B2 (ja) アプリケーションソフトウェアの提供及び認証方法並びにそのためのシステム
CN111177773B (zh) 一种基于网卡rom的全盘加解密方法及系统
Mana et al. A framework for secure execution of software
JP2005303370A (ja) 半導体チップ、起動プログラム、半導体チッププログラム、記憶媒体、端末装置、及び情報処理方法
CN115499141B (zh) 一种基于属性的数据加密方法及装置
CN107688729B (zh) 基于可信主机的应用程序保护系统及方法
Nützel et al. How to Increase the security of digital rights management systems without affecting consumer’s Security

Legal Events

Date Code Title Description
AS Assignment

Owner name: KONINKLIJKE PHILIPS ELECTRONICS N V, NETHERLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GIDALOV, NIKOLCO;REEL/FRAME:017799/0114

Effective date: 20050802

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION